pub struct AuthContext {
pub token_id: TokenId,
pub scope: TokenScope,
}Expand description
Per-request authentication context inserted into axum::http::Extensions
by crate::middleware::bearer_auth after a successful auth check.
Downstream middleware (rate limiting, audit logging) and route handlers
(tenant-scope authorization) consume this rather than re-parsing the
Authorization header.
Fields§
§token_id: TokenIdStable identifier for the authenticated bearer token. See TokenId.
scope: TokenScopeTenants this token is authorised to address. Populated by the bearer
auth middleware from the parsed crate::token_scope::ParsedTokens
map. Dev-mode contexts default to TokenScope::all.
Handlers that bind to a tenant call AuthContext::authorize_tenant
before doing per-tenant work.
Implementations§
Source§impl AuthContext
impl AuthContext
Sourcepub fn for_token(token: &str) -> Self
pub fn for_token(token: &str) -> Self
Construct an AuthContext for a successfully-authenticated token,
defaulting the scope to wildcard. Retained as a back-compat helper
for tests that pre-date scoped tokens; production code goes through
AuthContext::with_scope.
Sourcepub fn with_scope(token: &str, scope: TokenScope) -> Self
pub fn with_scope(token: &str, scope: TokenScope) -> Self
Construct an AuthContext with an explicit scope.
Sourcepub fn dev() -> Self
pub fn dev() -> Self
Construct the dev-mode pass-through context. Dev mode always grants the wildcard scope — the operator already opted out of auth by leaving the allowlist empty, so per-tenant gating would be theatre.
Return Ok(()) if this token may address tenant, otherwise an
ApiError with kind: "tenant_scope_denied". Routes that bind to
a tenant call this before doing any per-tenant work.
Trait Implementations§
Source§impl Clone for AuthContext
impl Clone for AuthContext
Source§fn clone(&self) -> AuthContext
fn clone(&self) -> AuthContext
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreAuto Trait Implementations§
impl Freeze for AuthContext
impl RefUnwindSafe for AuthContext
impl Send for AuthContext
impl Sync for AuthContext
impl Unpin for AuthContext
impl UnsafeUnpin for AuthContext
impl UnwindSafe for AuthContext
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<T> FutureExt for T
impl<T> FutureExt for T
Source§fn with_context(self, otel_cx: Context) -> WithContext<Self>
fn with_context(self, otel_cx: Context) -> WithContext<Self>
Source§fn with_current_context(self) -> WithContext<Self>
fn with_current_context(self) -> WithContext<Self>
impl<A, B, T> HttpServerConnExec<A, B> for Twhere
B: Body,
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left is true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left(&self) returns true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read more